The present invention relates to user authentication, and more particularly to indirect user authentication.
In computing, user access to a computing system is controlled using identity management. Identity management is the process of controlling information about the user accounts on that system. User information may include details such as information that authenticates (i.e., verifies) the identity of a user, information that describes the privileges and authorities the user is entitled to, and the like. A user can authenticate his identity to the computer by providing his authentication credentials. Authentication credentials may include a user ID and a password that have been assigned to uniquely identify the user.
Privileged identity management focuses on the special requirements of controlling access to powerful user accounts (i.e., privileged user IDs) within the information technology (IT) infrastructure of a company. As a general rule, IT organizations prefer to limit the number of privileged user IDs created on a system (e.g., one administrator user ID, one user ID with application deploy authority, etc.). With only one administrator user ID, all users with authority to perform administrative tasks share the administrator user ID and password. Similarly, other privileged user IDs and passwords may be shared in the same way.